RubySec

Providing security resources for the Ruby community

OSVDB-97854 (fog-dragonfly): Dragonfly Gem for Ruby on Windows Shell Escaping Weakness

ADVISORIES

  • OSVDB-97854

GEM

fog-dragonfly

PATCHED VERSIONS

None.

DESCRIPTION

Dragonfly Gem for Ruby contains a flaw that is due to the program failing to properly escape a shell that contains injected characters. This may allow a context-dependent attacker to potentially execute arbitrary commands.

This gem has been renamed. Please use “dragonfly” from now on.